Abstract
There is a strong demand for techniques to aid the development and modelling of security-critical systems. Based on general security evaluation criteria, we show how to extend the system structure diagrams of the CASE tool AutoFocus (which are related to UML-RT collaboration diagrams) to allow the modelling of security-critical systems, in particular with respect to components and channels. Both high-level and low-level models of systems are supported, and the notion of security patterns is introduced to provide generic solutions for security requirements. We explain our approach on the example of an electronic purse card system.
This work was supported by the German Ministry of Economics within the FairPay project
Copyright information
© 2001 IFIP International Federation for Information Processing
Cite this paper
Wimmel, G., Wisspeintner, A. (2001). Extended Description Techniques for Security Engineering. In: Dupuy, M., Paradinas, P. (eds) Trusted Information. SEC 2001. IFIP International Federation for Information Processing, vol 65. Springer, Boston, MA. https://doi.org/10.1007/0-306-46998-7_32
DOI: https://doi.org/10.1007/0-306-46998-7_32
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7389-6
Online ISBN: 978-0-306-46998-5